Cycript

CYcript必须是连接的砸过壳的应用没砸壳的不能连接

Cycript连接成功

创建cy文件

通过Cycript可以不用卡断进程就能修改内存中的数据等 也可以通过Xcode的Viewdebug来先找到1.00在哪个控件上

再通过像Cycript那样修改内存中数据的方式来修改

Logos

可以将MonkeyDev与Logos语法相结合来进行Hook

首先新建一个项目弄一个简单的页面 编译一下导出.app文件再把生成的头文件导出来 通过MonkeyDev新建一个工程，把导出.app文件拷贝进这个Monkey工程中进行重签名，在手机中安装

这是导出后的头文件的内容 如果要编写Logos语言需要提前把Dylib.xm文件的读取方式修改下 hook成功之后点击button出现hook，Logos支持多种语言格式

修改设置界面

界面分析

具体代码如下

#import <UIKit/UIKit.h>
#define PHDefaults [NSUserDefaults standardUserDefaults]
#define PHSWITCHKEY @"PHSWITCHKEY"
#define PHTIMEKEY @"PHTIMEKEY"


@interface WCTableViewManager : NSObject
@property(retain, nonatomic) NSMutableArray *sections;
- (long long)numberOfSectionsInTableView:(UITableView *)tableView;
@end

@interface NewSettingViewController:UIViewController
@end

%hook WCTableViewManager

- (void)scrollViewWillBeginDragging:(id)arg1{
    %orig;
    //判断在设置页面     判断页面开始滑动回收键盘
    if([MSHookIvar <UITableView *>(self,"_tableView").nextResponder.nextResponder isKindOfClass:%c(NewSettingViewController)]) {
        //回收键盘
        [MSHookIvar <UITableView *>(self,"_tableView")endEditing:YES];
    }
}

//添加两个新方法用来记录每隔多长时间抢和开关状态
%new
- (void)textFieldDidChangeValue:(NSNotification *)notification {
    UITextField *sender = (UITextField *)[notification object];
    [PHDefaults setValue:sender.text forKey:PHTIMEKEY];
    [PHDefaults synchronize];
}


%new
- (void)switchChang:(UISwitch *)switchView {
    [PHDefaults setBool:switchView.isOn forKey:PHSWITCHKEY];
    [PHDefaults synchronize];
    [MSHookIvar <UITableView *>(self,"_tableView") reloadData];
}

- (id)tableView:(UITableView *)tableView cellForRowAtIndexPath:(NSIndexPath *)indexPath {
    if ([tableView.nextResponder.nextResponder isKindOfClass:%c(NewSettingViewController)] && indexPath.section == [self numberOfSectionsInTableView:tableView] - 1) {
        UITableViewCell *cell = nil;
        if (indexPath.row == 0) {
            static NSString *swCell = @"SWCELL";
            cell = [tableView dequeueReusableCellWithIdentifier:swCell];
            if (!cell) {
                cell = [[UITableViewCell alloc]initWithStyle:UITableViewCellStyleDefault reuseIdentifier:nil];
            }
            cell.textLabel.text = @"自动抢红包";
            UISwitch *switchView = [[UISwitch alloc]init];
            switchView.on = [PHDefaults boolForKey:PHSWITCHKEY];
            [switchView addTarget:self action:@selector(switchChang:) forControlEvents:UIControlEventValueChanged];
            cell.accessoryView = switchView;
            cell.imageView.image = [UIImage imageNamed:([PHDefaults boolForKey:PHSWITCHKEY] == 1) ? @"unlocked" : @"locked"];
        }else if (indexPath.row == 1) {
            static NSString * waitCell = @"waitCell";
            cell = [tableView dequeueReusableCellWithIdentifier:waitCell];
            if(!cell){
                cell = [[UITableViewCell alloc]initWithStyle:UITableViewCellStyleDefault reuseIdentifier:nil];
            }
            cell.textLabel.text = @"等待时间(秒)";
            UITextField *textField = [[UITextField alloc]initWithFrame:CGRectMake(0, 0, 150, 40)];
            //监听键盘输入
            [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(textFieldDidChangeValue:) name:UITextFieldTextDidChangeNotification object:textField];
            textField.text = [PHDefaults valueForKey:PHTIMEKEY];
            textField.borderStyle = UITextBorderStyleRoundedRect;
            cell.accessoryView = textField;
            cell.imageView.image = [UIImage imageNamed:@"clock"];
        }
        cell.backgroundColor = [UIColor whiteColor];
        return cell;
    }else {
        return %orig;
    }
}

- (long long)tableView:(UITableView *)tableView numberOfRowsInSection:(NSInteger)section {
    //如果是NewSettingViewController并且是最后一个section返回2否则还返回原来的数量
    if ([tableView.nextResponder.nextResponder isKindOfClass:%c(NewSettingViewController)] && (section == [self numberOfSectionsInTableView:tableView] - 1)) {
        return 2;
    }else {
        return %orig;
    }
}

- (long long)numberOfSectionsInTableView:(UITableView *)tableView {
    if([tableView.nextResponder.nextResponder isKindOfClass:%c(NewSettingViewController)]) {//定位设置页面
        //在原来的基础上多加一组
        return %orig + 1;
    }else {
        return %orig;
    }
}

//设置高度
- (double)tableView:(UITableView *)tableView heightForRowAtIndexPath:(NSIndexPath *)indexPath {
    //如果是NewSettingViewController并且是最后一个section返44否则还返回原来的值
    if([tableView.nextResponder.nextResponder isKindOfClass:%c(NewSettingViewController)] && indexPath.section == [self numberOfSectionsInTableView:tableView] - 1) {//定位设置页面
        return 44;
    }else {
        return %orig;
    }
}

%end

//因为要给VC添加监听键盘的事件so也要hookNewSettingViewController
%hook NewSettingViewController
%new
- (void)keyboardWillShow:(NSNotification *)note {
    UIView *view = self.view;
    CGRect keyBoardRect=[note.userInfo[UIKeyboardFrameEndUserInfoKey]CGRectValue];
    view.frame = CGRectMake(0, -keyBoardRect.size.height, [UIScreen mainScreen].bounds.size.width, [UIScreen mainScreen].bounds.size.height);
}

%new
- (void)keyboardWillHide:(NSNotification*)note {
    UIView * view = self.view;
    view.frame = CGRectMake(0, 0, [UIScreen mainScreen].bounds.size.width, [UIScreen mainScreen].bounds.size.height);
}

- (void)viewDidLoad {
    %orig;
    //监听键盘的弹出和消失
    [[NSNotificationCenter defaultCenter]addObserver:self selector:@selector(keyboardWillShow:) name:UIKeyboardWillShowNotification object:nil];
    [[NSNotificationCenter defaultCenter]addObserver:self selector:@selector(keyboardWillHide:) name:UIKeyboardWillHideNotification object:nil];
}

%end

效果图